http server

To enable the HTTP server on the router and enable access to the Craft Works Interface (CWI), use the http server command in global configuration mode. To disable the HTTP server, use the no
form of this command.

httpserver [ssl]
[ access-groupname ]

nohttpserver

Syntax Description

ssl

(Optional) Enables Secure Socket Layer (SSL).

access-groupname

(Optional) Enables access to the CWI from IP addresses that meet the conditions of the access control list (ACL) specified for the name argument.

Command Default

The HTTP server is disabled.

Command Modes

Global configuration

Command History

Release

Modification

Release 2.0

This command was introduced.

Release 3.2

Support for access groups was added. The access-group keyword and name argument were added to support access groups.

Usage Guidelines

Use the http server command to enable the HTTP server on your router.

To display the home page of the router, use a Web browser pointed to http://x.x.x.x, where x.x.x.x is the router IP address. If a name has been set, use http://router-name.

Use the ssl keyword to run HTTP over a secure socket. This command enables the HTTP server to run SSL when accessing web pages or files provided by the HTTP server of the router and disables access through the regular HTTP port.

Enabling the HTTP server enables authentication by default. After the HTTP server has been enabled, you then are prompted to provide a username and password to access web pages on the HTTP server.

Note

The http server command enables the HTTP server process on Management Ethernet interfaces by default. For information about how to enable HTTP server on other inband interfaces, see the Implementing Management Plane Protection on Cisco IOS XR Software module in Cisco IOS XR System Security Configuration
Guide for the Cisco CRS Router.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following example shows how to enable the HTTP server on the router:

RP/0/RP0/CPU0:router(config)# http server

The following example shows how to enable SSL to run HTTP over a secure socket:

RP/0/RP0/CPU0:router(config)# http server ssl

The following example shows how to enable SSL to run HTTP over a secure socket and to enable access to the CWI from only IP addresses that meet the conditions of the access group named test:

RP/0/RP0/CPU0:router(config)# http server ssl access-group test

The following sample output from the show ipv4 access-lists commands displays the IPv4 access list named test:

iteration

To configure the
iteration size for large XML agent responses, use the iteration command in xml
agent configuration mode. To revert to the default iteration settings, use the
no form of this command.

iteration
{ off
| onsizeiteration-size }

noiteration

Syntax Description

off

Disables
iteration, meaning that the entire XML response is returned, regardless of its
size. Use of this option is not recommended.

on

Enables
iteration, meaning that large XML responses are broken into chunks according to
the iteration chunk size.

sizeiteration-size

Specifies
the size of the iteration chunk, in Kbytes. Values can range from 1 to 100,000.

Command Default

Iteration is
enabled; the
iteration-size
is 48.

Command Modes

XML agent

TTY XML agent

SSL XML agent

Command History

Release

Modification

Release 3.9.0

This command
was introduced.

Usage Guidelines

When the XML agent
returns a large response, it splits the response into chunks and returns one
chunk at a time. External clients then need to send a GetNext request to obtain
the next chunk. Use the
iteration command to control the size of iteration chunks. A larger
chunk value allows larger chunks to be received in a shorter period of time,
possibly making the router system busier. A smaller chunk value allows smaller
chunks to be received over a longer period of time, but does not make the
router busy You can also specify to disable iteration completely using the
iteration
off command.

Note

It is not
recommended to disable iteration, since this could result in large transient
memory usage.

To specify the TTY
or SSL iteration size specifically, use the
iteration command from the appropriate command mode.

Task ID

Task ID

Operations

config-services

read, write

Examples

The following
example shows how to configure the iteration chunk size to 100 Kbytes.

streaming

To configure the streaming size of
the response while the XML agent is retrieving data from the source, use the
streaming
command in the appropriate mode.

streaming on
size size
in kbytes

Syntax Description

size size in
kbytes

Streaming size of the xml
response. Range is 1 to 100000.

Command Default

Default is 48 KB.

Command Modes

XML agent mode

Command History

Release

Modification

Release 4.1

This command was
introduced.

Usage Guidelines

Iteration must be off. The sub-response block size is a configurable value
specific to each transport mechanisms on the router (the XML agent for the
dedicated TCP connection and Secure Shell (SSH), Telnet, or Secure Sockets
Layer (SSL) dedicated TCP connection).

shutdown
(VRF)

To configure the
dedicated XML agent to not receive or send messages via the default VRF, use
the
shutdown
command in xml agent vrf configuration mode. To enable the dedicated XML agent
to receive or send messages via the default VRF, use the
no form of this
command.

shutdown

no shutdown

This command has no keywords or arguments.

Command Default

The default VRF
instance is enabled by default.

Command Modes

xml agent vrf configuration

xml agent ssl vrf configuration

Command History

Release

Modification

Release 4.0.0

This command
was introduced.

Usage Guidelines

Task ID

Task ID

Operation

config-services

read, write

Examples

The following
example illustrates how to configure the XML dedicated agent to send and
receive messages via VRF1 only:

vrf (XML)

To configure a
dedicated agent to receive and send messages via the specified VPN routing and
forwarding (VRF) instance, use the vrf command in one of the xml agent
configuration mode. To disable the receiving and sending of messages via a
specific VRF instance, use the
no form of this command.

vrf
{ default | vrf-name }

Syntax Description

default

Configures
the default VRF instance.

vrf-name

Configures
the specified VRF instance.

Command Default

The default VRF is
enabled by default.

Command Modes

XML agent configuration

XML agent SSL configuration

Command History

Release

Modification

Release 4.0.0

This command
was introduced.

Usage Guidelines

The default VRF is
enabled by default. To disable the default VRF, use the
shutdown command.

Task ID

Task ID

Operation

config-services

read, write

Examples

This example shows
how to configure the dedicated XML agent to receive and send messages via VRF1,
VRF2 and the default VRF:

Command Default

XML requests are
disabled.

Command Modes

Global configuration

Command History

Release

Modification

Release 3.8.0

This command
was introduced.

Usage Guidelines

There are two XML
agents: a legacy XML agent and an enhanced-performance XML agent. We recommend
that you use the enhanced-performance agent. The legacy agent is supported for
backward compatibility. Use the
xml agent
command to enable the enhanced-performance XML agent. Use the
xml agent tty
command to enable the legacy XML agent.

Use the
no form of the
xml agent
command to disable the enhanced-performance XML agent.

Task ID

Task ID

Operations

config-services

read, write

Examples

This example shows
how to enable XML requests over a dedicated TCP connection:

xml agent
ssl

mode. To disable XML requests over SSL, use the
no form of this command.

xmlagentssl

noxmlagentssl

Command Default

SSL agent is
disabled by default.

Command Modes

Global configuration

Command History

Release

Modification

Release 3.9.0

This command
was introduced.

Usage Guidelines

The k9sec package is
required to use the SSL agent. The configuration is rejected during commit when
the security software package is not active on the system. When the security
software package is deactivated after configuring SSL agent, the following
syslog message is displayed to report that the SSL agent is no longer
available.

xml_dedicated_ssl_agent[420]:
%MGBL-XML_TTY-7-SSLINIT : K9sec pie is not active, XML service over
SSL is not available.

xml agent
tty

mode. To disable XML requests over SSH and Telnet, use the
no form of this command.

Note

This command
enables a legacy XML agent that has been superceded by an enhanced performance
XML agent and is supported only for backward compatibility. To enable the
enhanced-performance XML agent, use the
xml agent
command.

xmlagenttty

noxmlagenttty

Command Default

XML requests over
SSH and Telnet are disabled.

Command Modes

Global configuration

Command History

Release

Modification

Release 3.2

This command
was introduced.

Usage Guidelines

There are two XML
agents: a legacy XML agent and an enhanced-performance XML agent. We recommend
that you use the enhanced-performance agent. The legacy agent is supported for
backward compatibility. The
xmlagenttty command enables the legacy XML agent. Use the
xml agent
command to enable the enhanced-performance XML agent.

Use the
no form of
the
xmlagenttty command to disable the legacy XML agent.

Task ID

Task ID

Operations

config-services

read,
write

Examples

This example shows
how to enable XML requests over Secure Shell (SSH) and Telnet: